CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the submit-url parameter in a Refresh action.
References
Link | Resource |
---|---|
http://antoniovazquezblanco.github.io/docs/advisories/Advisory_C54APM_Multiple.pdf | Exploit Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2014-01-10 08:47
Updated : 2014-05-05 08:29
NVD link : CVE-2014-1406
Mitre link : CVE-2014-1406
JSON object : View
CWE
CWE-20
Improper Input Validation
Products Affected
conceptronic
- c54apm
- c54apm_firmware